CN105122214A - Repairing compromised system data in a non-volatile memory - Google Patents


Info

Publication number: CN105122214A
Authority: CN (China)
Prior art keywords: nonvolatile memory, system data, data, damage, controller
Legal status: Granted
Application number: CN201380075647.4A
Other languages: Chinese (zh)
Other versions: CN105122214B (en)
Inventor: 杰弗里·凯文·耶安松尼, 瓦柳丁·Y·阿里, 波利斯·巴拉切夫
Current Assignee: Hewlett Packard Development Co LP
Original Assignee: Hewlett Packard Development Co LP
Application filed by Hewlett Packard Development Co LP

Classifications

    • G06F11/1469 Backup restoration techniques
    • G06F11/1417 Boot up procedures
    • G06F11/1456 Hardware arrangements for backup
    • G06F11/1458 Management of the backup or restore process
    • G06F3/0619 Improving the reliability of storage systems in relation to data integrity, e.g. data losses, bit errors
    • G06F3/0629 Configuration or reconfiguration of storage systems
    • G06F3/0683 Plurality of storage devices
    • G06F11/1612 Error detection by comparing the output signals of redundant hardware where the redundant component is persistent storage
    • G06F2201/83 Indexing scheme relating to error detection, to error correction, and to monitoring the solution involving signatures
    • G06F2201/84 Using snapshots, i.e. a logical point-in-time copy of the data

Landscapes

  • Engineering & Computer Science
  • Theoretical Computer Science
  • Physics & Mathematics
  • General Engineering & Computer Science
  • General Physics & Mathematics
  • Quality & Reliability
  • Human Computer Interaction
  • Computer Security & Cryptography
  • Storage Device Security
  • Stored Programmes

Abstract

A first non-volatile memory stores a redundant copy of system data that relates to a configuration of at least one physical component of a system, where the first non-volatile memory is accessible by a controller in the system and inaccessible to a processor in the system. It is determined whether system data in a second non-volatile memory accessible by the processor is compromised. In response to determining that the system data in the second non-volatile memory is compromised, the compromised system data in the second non-volatile memory is repaired.

Description

Repairing compromised system data in a non-volatile memory
Background
A computing system can include code that performs various startup functions of the computing system. This code can include Basic Input/Output System (BIOS) code or other code.
Brief description of the drawings
Some embodiments are described with respect to the following figures:
Fig. 1 is a flow diagram of a system data integrity verification process according to some embodiments;
Fig. 2 and Fig. 3 are block diagrams of example computing systems that incorporate some embodiments; and
Fig. 4 is a flow diagram of a management engine region verification process according to some embodiments.
Detailed description
Various types of system data can be stored in a non-volatile memory of a computing system. The system data is accessed during operation of the computing system to ensure correct operation of the computing system. The system data can be stored in various data structures in the non-volatile memory, and can relate to a configuration of at least one component of the computing system. For example, the system data can relate to a configuration of the computing system or, alternatively, to a configuration of an individual component or multiple components of the computing system.
Examples of computing systems include desktop computers, notebook computers, tablet computers, personal digital assistants (PDAs), smartphones, game consoles, server computers, storage nodes, network communication nodes, and so forth.
System data in the non-volatile memory can be compromised by unauthorized access and operations in the computing system (caused, for example, by malware). In addition, system data in the non-volatile memory may be compromised inadvertently. Once the system data is compromised, correct operation of the computing system is not possible.
Although mechanisms are provided to protect system code stored in a non-volatile memory from compromise, mechanisms for protecting system data stored in the non-volatile memory may not exist. An example of system code that can be stored in the non-volatile memory is system firmware used to perform startup or resume operations of the computing system. System firmware is in the form of machine-readable instructions executable on a processor (or multiple processors) of the computing system.
System firmware can include Basic Input/Output System (BIOS) code, which can initialize various components of the computing system and load the operating system (OS) of the computing system. The BIOS code can check hardware components to ensure that the hardware components are present and functioning properly. This can be part of a power-on self-test (POST) procedure, for example. After the POST procedure, the BIOS code can proceed through the remainder of the boot sequence, after which the BIOS code can load the OS and pass control to the OS. BIOS code can include legacy BIOS code or Unified Extensible Firmware Interface (UEFI) code. In some examples, the BIOS code can include a runtime portion that is executed after the OS loads.
Examples of system data that can be stored in the non-volatile memory include at least some of the following. Although reference is made to specific examples of system data, note that techniques or mechanisms according to some embodiments can be applied to other types of system data.
System data can include machine unique data, which can refer to any configuration data or settings that are unique to each particular computing system. Examples of machine unique data can include any one or some combination of the following: product name, product model, stock keeping unit (SKU) number (for identifying each computing system sold), serial number of the computing system, system or commodity tracking number (for identifying the system board of the computing system), system configuration identifier (for identifying the configuration of the computing system), warranty data (for describing the warranty associated with the computing system), universally unique identifier (UUID), default settings of the BIOS code, information used to protect and bind to the computing system unique cryptographic identity information (for example, an encryption key), and so forth. The foregoing is provided as examples of machine unique data; in other examples, other or additional types of machine unique data can be provided. Machine unique data can be stored in a corresponding data structure in the non-volatile memory, such as a machine unique data (MUD) region of the non-volatile memory.
System data can also include configuration data of a network controller of the computing system. The network controller can be used to communicate over a network according to a network protocol such as an Ethernet protocol (for example, the Gigabit Ethernet protocol or another type of Ethernet protocol) or another type of protocol. In examples where the network protocol supported by the network controller is the Gigabit Ethernet (GbE) protocol, the configuration data of the network controller can include data in a GbE region of the non-volatile memory. The GbE region is a data structure containing configuration data (for example, programmable settings) for a network controller that can be part of the computing system. The programmable settings are read by the network controller upon deassertion of a bus reset signal on the bus to which the network controller is connected.
In other examples, system data can include data in a descriptor region of the non-volatile memory. The descriptor region is a data structure containing information that describes the layout of the non-volatile memory that stores the system firmware, and configuration parameters for an input/output (I/O) controller (for example, a Platform Controller Hub (PCH) from Intel Corporation, or another type of I/O controller). The PCH can include various functions, including a display interface to a graphics subsystem, a system bus interface to a system bus to which various I/O devices can be connected, and so forth. The I/O controller can read the data in the descriptor region upon exiting reset.
According to some embodiments, to perform integrity verification of system data in a non-volatile memory, a redundant copy of the system data can be provided. In some embodiments, the system data used by the computing system is stored in a primary non-volatile memory. The redundant copy of the system data is stored in a secondary non-volatile memory. The redundant copy can be identical to the system data in the primary non-volatile memory, or the copy in the secondary non-volatile memory can be a different version of the system data (an earlier version or a later version).
Fig. 1 is a flow diagram of a system data verification process according to some embodiments. Some tasks of Fig. 1 can be performed by a controller (such as an embedded controller) that is separate from the one or more processors of the computing system that execute the system firmware. As discussed further below, the embedded controller can be used to perform specific designated tasks. Some tasks of Fig. 1 can also be performed by the system firmware.
The process of Fig. 1 stores (at 102) a redundant copy of system data in the secondary non-volatile memory, where the system data relates to a configuration of at least one physical component of the computing system. For example, the system data can include machine unique data, configuration data of the network controller, and descriptor region data. The secondary non-volatile memory is accessible by the embedded controller, but is inaccessible to the one or more processors in the computing system. The process can also store one or more check values in the secondary non-volatile memory, where the one or more check values can be hash values, checksums, or other values calculated based on the content of the respective system data.
The process of Fig. 1 determines (at 104), based on the redundant copy of the system data or based on the one or more check values in the secondary non-volatile memory, whether the system data in the primary non-volatile memory, which is accessible by the one or more processors, is compromised.
In response to determining that the system data in the primary non-volatile memory is compromised, the embedded controller and/or the system firmware can repair (at 106) the compromised system data in the primary non-volatile memory by using the redundant copy of the system data in the secondary non-volatile memory.
Fig. 2 is a block diagram of an example computing system 200 that includes an embedded controller 202, a primary non-volatile memory 204, a processor 206, and a secondary non-volatile memory 216. The primary non-volatile memory 204 is a shared non-volatile memory that is accessible by multiple entities, including the embedded controller 202 and at least one other entity (including the processor 206). The secondary non-volatile memory 216 is accessible by the embedded controller 202, but is inaccessible to the processor 206 or to other components in the computing system 200 (effectively, the secondary non-volatile memory 216 is electrically isolated from entities other than the embedded controller 202). Making the secondary non-volatile memory 216 inaccessible to the processor 206 and other components protects the content of the secondary non-volatile memory 216 from unauthorized tampering. The secondary non-volatile memory 216 can be accessed by the embedded controller 202 at all times.
Although not shown in Fig. 2, an input/output (I/O) controller can be provided between the processor 206 and the primary non-volatile memory 204.
The secondary non-volatile memory 216 can be physically separate from the primary non-volatile memory 204 (for example, implemented in a different physical memory device). Alternatively, the secondary non-volatile memory 216 and the primary non-volatile memory 204 can physically reside on a common memory device, but in different segments of the physical memory device, where the segment of the physical memory device that contains the secondary non-volatile memory 216 is accessible only by the embedded controller 202. In other words, the segment that contains the secondary non-volatile memory 216 is under the exclusive control of the embedded controller 202, and this segment can be locked against access by the processor 206 or other entities.
The primary non-volatile memory 204 can be accessed over a shared bus 220 by the embedded controller 202 or by other entities. Note that the secondary non-volatile memory 216 is electrically isolated from the shared bus 220. In some embodiments, only one entity can access the shared bus 220 at any given time, so that only one entity at a time can access the primary non-volatile memory 204. In some examples, the shared bus 220 is a shared Serial Peripheral Interface (SPI) bus. An SPI bus is a synchronous serial data link in which devices on the SPI bus operate in a master-slave mode. In other examples, other types of shared bus 220 can be used. In alternative examples, an arbitration mechanism can be provided to allow shared access of the bus 220 in various states of the computing system, including a low-power state or a normal runtime state.
The primary non-volatile memory 204 can store system firmware 207, which can include BIOS code. The system firmware 207 can include EC firmware 208, which is for execution by the embedded controller 202, and a startup module 210, which is to be executed by the processor 206. Although reference is made to "EC firmware", note that techniques or mechanisms can be applied to other forms of controller code executable by the embedded controller 202. Embedded controller code includes machine-readable instructions executable on the embedded controller.
In the example according to Fig. 2, the EC firmware 208 is included in the startup module 210 of the system firmware 207. Including the EC firmware 208 in the startup module 210 can provide an indication that the EC firmware 208 has been signed by the entity that provided the system firmware 207, which can be the vendor of the computing system 200 or another entity. In other examples, the EC firmware 208 can be separate from the startup module 210.
The startup module 210 is a part of the BIOS code, and is executed first when the computing system 200 starts up. The startup module 210 is executed before the remainder of the BIOS code is allowed to execute on the processor 206. The startup module 210 can be used to check the integrity of the BIOS code and to perform other initial functions. If the startup module 210 confirms the integrity of the BIOS code, the startup module 210 can then pass control to the remaining portion of the BIOS code to initiate the remaining operations associated with the BIOS code.
In some embodiments, the startup module 210 can include core root of trust for measurement (CRTM) logic, which is logic specified by the Trusted Computing Group (TCG), an industry standards working group. During a power-on procedure of the computing system 200, the CRTM logic can perform certain initialization tasks and can make a number of measurements that are stored for later use. The CRTM logic can then check the BIOS code before passing control to the main portion of the BIOS code. Once the BIOS code completes execution and passes control to the OS, the OS can verify the trustworthiness of the computing system 200 based on the measurements taken by the CRTM logic.
The embedded controller 202 is physically separate from the processor 206 of the computing system 200. The processor 206 is used to execute the OS, application code, and other code in the system 200. The embedded controller 202, on the other hand, can be used to perform specific predefined tasks, as programmed into the EC firmware 208. Examples of tasks that can be performed by the embedded controller 202 include any one or some combination of the following: power supply control in the computing system 200 (for controlling a power supply that supplies power supply voltages to various components in the computing system 200), charging and control of a battery in the computing system 200, thermal monitoring (to monitor a temperature in the computing system 200), fan control (to control a fan in the computing system 200), and interaction with a user input device (for example, performing a scan of a keyboard of the computing system 200, or interaction with a pointing device such as a mouse, touchpad, touchscreen, and so forth). The embedded controller 202 can be implemented with a microcontroller, an application-specific integrated circuit (ASIC), a programmable gate array (PGA), or any other type of programmable circuit.
The secondary non-volatile memory 216 stores a redundant copy 214 of the system firmware, where the system firmware redundant copy 214 includes a startup module 232 and EC firmware 230. The system firmware redundant copy 214 in the secondary non-volatile memory 216 can be a duplicate of the system firmware 207 in the primary non-volatile memory 204. Alternatively, the system firmware redundant copy 214 can be a different version (a later version or an earlier version) from the system firmware 207.
In some embodiments, the system firmware redundant copy 214 includes only the startup module 232, and does not include the main portion of the system firmware 207. In other embodiments, the system firmware redundant copy 214 can include the entirety of the system firmware 207.
The primary non-volatile memory 204 also stores system data 240, such as the system data discussed further above. The system data 240 can be accessed by the computing system 200 during system operation.
The embedded controller 202 can be instructed, for example by the system firmware 207 executing on the processor 206, to copy the system data 240 in the primary non-volatile memory 204 to the secondary non-volatile memory 216. Such copying creates a system data copy 242 in the secondary non-volatile memory 216. The instruction to copy the system data 240 from the primary non-volatile memory 204 to the secondary non-volatile memory 216 can be performed in a secure environment (for example, during manufacture of the computing system at a factory). Alternatively, the copying of the system data 240 from the primary non-volatile memory 204 to the secondary non-volatile memory 216 can be performed in another environment (for example, at a product service facility that services products).
In some examples, when the system data copy 242 is saved to the secondary non-volatile memory 216, the embedded controller 202 can calculate a hash, checksum, or other value (generally referred to as a "check value") based on the content of the system data. This check value can be saved to the secondary non-volatile memory 216 and associated with the system data copy 242.
Note that a separate check value can be calculated for each type of system data 240 (for example, machine unique data, GbE region data, descriptor region data, and so forth) that is copied to the secondary non-volatile memory 216. The check values associated with the various types of system data in the secondary non-volatile memory 216 can later be used to verify the integrity of the content of each type of system data in the primary non-volatile memory 204, to ensure that the content has not been compromised by malware, a code bug, or another cause.
The check value associated with the machine unique data copy stored in the secondary non-volatile memory 216 can be used by the system firmware 207 executing on the processor 206 to verify the integrity of the machine unique data in the primary non-volatile memory 204. The system firmware 207 can calculate a check value based on the machine unique data in the primary non-volatile memory 204, and can compare the calculated check value with the check value stored in the secondary non-volatile memory 216. If the check values match, the system firmware 207 determines that the machine unique data in the primary non-volatile memory 204 is valid. If, on the other hand, the check values do not match, the system firmware 207 determines that the machine unique data is compromised.
If it is determined that the machine unique data in the primary non-volatile memory 204 is compromised, the copy of the machine unique data in the secondary non-volatile memory 216 can be used to repair the compromised machine unique data, by replacing the compromised machine unique data with the copy of the machine unique data from the secondary non-volatile memory 216.
Verification of the GbE region data or the descriptor region data in the primary non-volatile memory 204 can be performed by the embedded controller 202 rather than by the system firmware 207. Similar to verifying the integrity of the machine unique data, the embedded controller 202 can compare a calculated check value with the check value stored in the secondary non-volatile memory 216 to determine whether the GbE region data or the descriptor region data is compromised.
In other embodiments, each particular piece of system data 240 in the primary non-volatile memory 204 is verified by comparing it with the respective system data copy 242 in the secondary non-volatile memory 216, instead of using the check values stored in the secondary non-volatile memory 216. For example, each of the machine unique data, GbE region data, or descriptor region data in the primary non-volatile memory 204 can be compared with the respective copy of the machine unique data, GbE region data, or descriptor region data, to determine whether the respective data has changed, which indicates that the respective data is compromised.
In further embodiments, the system firmware 207 and/or the embedded controller 202 can monitor writes to the system data 240 in the primary non-volatile memory 204. Any such write can be notified to the system firmware 207 and/or the embedded controller 202, so that the system firmware 207 and/or the embedded controller 202 can perform verification of the written system data 240 to prevent unauthorized updates of the system data 240.
As noted above, the system data copy 242 in the secondary non-volatile memory 216 can be captured in a secure environment (for example, at a factory or a repair facility). The system data copy 242 stored in the secondary non-volatile memory 216 can be treated as read-only, to protect the system data copy 242 from compromise.
In alternative embodiments, a signature can be associated with the system data 240 stored in the primary non-volatile memory 204. Such a signature can include a digital signature produced using asymmetric or symmetric cryptography. Alternatively, the signature can be a hash value calculated based on the content of the system data 240. For example, a signature can be associated with each of the machine unique data, GbE region data, and descriptor region data stored in the primary non-volatile memory 204. The signature can be based on encryption of a hash value, check value, or other value calculated based on the content of the respective system data 240. The encryption can be performed using an encryption key (for example, a public key or a private key). To verify the integrity of the respective system data 240 and its source, the signature can be decrypted using an encryption key (for example, a public key or a private key). The decrypted value can then be compared with the hash value to verify the integrity of the respective system data 240 and its source.
Associating a signature with each of the different pieces of system data 240 allows for a secure update mechanism outside the factory or service environment. For example, in the event that an update of the machine unique data, GbE region data, or descriptor region data in the primary non-volatile memory 204 is to be performed, the respective signature can be used to ensure that the update data is from a trusted source.
In addition, in the event that the corresponding system data copy 242 becomes compromised, the embedded controller 202 can identify the machine unique data, GbE region data, or descriptor region data in the primary non-volatile memory 204 for use in updating the respective system data copy 242 in the secondary non-volatile memory 216.
Also, by storing a signature with each system data copy 242 in the secondary non-volatile memory 216, the system data copy 242 can be protected from tampering, such as by malware or even by a physical attack in which the secondary non-volatile memory 216 is removed and reprogrammed with different content.
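The verification and repair decisions described above can be followed in a small model. This is an added example, not code from the patent or from any vendor firmware: the Store class, the function names, the choice of SHA-256 for the check value and of HMAC-SHA-256 (a symmetric-key signature held by the controller) are assumptions, and all sample region contents are constructed.

```python
import hashlib
import hmac

KEY = b"constructed-controller-key"      # constructed; stands in for the signing key
REGIONS = ("mud", "gbe", "descriptor")   # machine unique data, GbE region, descriptor region


def check_value(data):
    """Check value over a region's content (SHA-256 is an assumption of this sketch)."""
    return hashlib.sha256(data).digest()


def sign(key, region, data):
    """Symmetric signature; the region name is bound in so a signed blob
    cannot be moved into a different region."""
    return hmac.new(key, region.encode() + b"\x00" + data, hashlib.sha256).digest()


class Store:
    """One non-volatile memory: per-region content, signature and check value.
    The isolation of the secondary memory from the processor is modelled, not enforced."""

    def __init__(self):
        self.data, self.sig, self.check = {}, {}, {}


def provision(key, primary, secondary, region, content):
    """Trusted-environment step: write the primary, then save copy and check value."""
    for store in (primary, secondary):
        store.data[region] = bytes(content)
        store.sig[region] = sign(key, region, content)
    secondary.check[region] = check_value(content)


def signature_ok(key, store, region):
    data, sig = store.data.get(region), store.sig.get(region)
    return (data is not None and sig is not None
            and hmac.compare_digest(sig, sign(key, region, data)))


def verify_and_repair(key, primary, secondary, region):
    """Return 'valid', 'repaired', 'copy-refreshed' or 'unrecoverable'."""
    # First decide whether the redundant copy itself can still be trusted.
    copy_ok = signature_ok(key, secondary, region) and hmac.compare_digest(
        secondary.check.get(region, b""), check_value(secondary.data[region]))
    if copy_ok:
        current = primary.data.get(region, b"")
        if hmac.compare_digest(check_value(current), secondary.check[region]):
            return "valid"
        # Check values differ: replace the primary content with the copy.
        primary.data[region] = secondary.data[region]
        primary.sig[region] = secondary.sig[region]
        return "repaired"
    if signature_ok(key, primary, region):
        # Copy is compromised but the signed primary data verifies: rebuild the copy.
        secondary.data[region] = primary.data[region]
        secondary.sig[region] = primary.sig[region]
        secondary.check[region] = check_value(primary.data[region])
        return "copy-refreshed"
    return "unrecoverable"


def demo():
    primary, secondary = Store(), Store()
    samples = {  # constructed region contents
        "mud": b"serial=CONSTRUCTED-0001;sku=EXAMPLE",
        "gbe": bytes.fromhex("02005e0000010001"),
        "descriptor": b"layout:desc,gbe,me,bios",
    }
    for region, content in samples.items():
        provision(KEY, primary, secondary, region, content)
    primary.data["mud"] = b"serial=OVERWRITTEN"       # primary modified after provisioning
    secondary.data["gbe"] = b"\xff" * 8               # secondary chip reprogrammed
    primary.data["descriptor"] = b"layout:changed"    # both sides modified
    secondary.data["descriptor"] = b"layout:other"
    results = {r: verify_and_repair(KEY, primary, secondary, r) for r in REGIONS}
    return results, primary, secondary, samples


if __name__ == "__main__":
    print(demo()[0])
```

In the model a single function makes every decision; in the text the machine unique data is checked by the system firmware and the GbE and descriptor regions by the embedded controller.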
In other embodiments, as illustrated further in Fig. 3, elementary nonvolatile memory 204 can be stored as storage administration engine (ME) region 302 of the another kind of data structure in elementary nonvolatile memory 204 further.ME region 302 comprises the code (such as, firmware or other machines instructions) of the ME304 of the part as the chipset from intel corporation.ME region 302 also can comprise the data be associated with ME code.Such as, ME304 can be included in and be connected in the I/O controller 306 of shared bus 220.I/O controller 306 can comprise the I/O controller of PCH or other types.ME304 provides the function allowing such as to monitor, safeguard, upgrade, upgrade and repair computing system.The another kind of example of this entity comprises the platform safety processor (PSP) from advanced micro devices company (AMD).
Traditionally, be expendable in the field of ME area data 302 in damage event.According to some embodiments, ME304 can monitor the content in ME region 302.Such as, cryptographic hash, proof test value or other values can be calculated based on the content in ME region 302, and the Hash of itself and pre-stored, proof test value or other values are compared.
Secondary nonvolatile memory 216 can store M E individual information 308.The instruction that ME individual information 308 provides which or which feature of ME304 to be activated or to have forbidden.One or more features of ME304 may be activated/forbid in factory or in another place.ME individual information 308 is based on enabling/forbidding in factory or one or more features of ME304 of arranging in another place.
Fig. 4 illustrates the proving program relevant with ME region 302.If (402) detect that ME region 302 is damaged, then ME304 (or embedded controller 302) (404) can notify that (performing on processor 206) system firmware 207ME region 302 is damaged.Responsively, system firmware 207 can the order of (406) transmission for starting the computing system 200 with unblocked ME region 302.Descriptor region in elementary nonvolatile memory 204 can comprise specifying and will stop ME region 302 not by the restrict access of any machine readable instructions access performed on processor 206.Order notice I/O controller 306 read/write ignored in the descriptor region relevant with ME region 302 for starting the computing system 200 with unblocked ME region 302 limits.
The computing system 200 is started (at 408) with the ME region 302 unblocked. During the start-up procedure, the system firmware 207 can repair (at 410) the ME region 302 by copying a recovery image from an external storage device or from the secondary nonvolatile memory 216 to the elementary nonvolatile memory 204.
In addition, the system firmware 207 can request (at 412) that the embedded controller 202 copy the ME individual information 308 stored in the secondary nonvolatile memory 216 to the ME region 302 of the elementary nonvolatile memory 204. The ME individual information 308 indicates which feature or features of the ME 304 have been enabled or disabled. One or more features of the ME 304 may have been enabled/disabled at the factory or at another site. Copying the ME individual information 308 to the ME region 302 in the elementary nonvolatile memory 204 causes the appropriate feature or features of the ME 304 to be enabled or disabled.
In the process of Fig. 4 described above, the embedded controller 202 can alternatively be used, instead of the system firmware 207, to perform the various tasks.
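The Fig. 4 flow (steps 402 to 412) can be modelled in a few dozen lines of C. This is an added illustration, not code from the patent: the struct layouts, sizes, function names, the location of the pre-stored check value, the re-locking after repair and the extra check of the recovery image are all assumptions, and FNV-1a stands in for the "hash, check value or other value".

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ME_CODE_SIZE 32   /* constructed sizes, far smaller than a real ME region */
#define ME_PERS_SIZE 4

/* Elementary (shared) memory: reachable by the processor and the controller. */
struct primary_nvm {
    uint8_t me_code[ME_CODE_SIZE];
    uint8_t me_personality[ME_PERS_SIZE];   /* enabled/disabled feature flags */
    int     ignore_me_limits;               /* 1 = started with ME region unblocked */
};

/* Secondary memory: reachable by the embedded controller only. */
struct secondary_nvm {
    uint8_t  recovery_image[ME_CODE_SIZE];
    uint8_t  me_personality[ME_PERS_SIZE];
    uint32_t expected_check;                /* pre-stored check value (location assumed) */
};

enum repair_result { ME_INTACT, ME_REPAIRED, ME_REPAIR_FAILED };

/* FNV-1a as the check value. It catches accidental damage only; a
 * cryptographic hash is needed to detect deliberate tampering. */
static uint32_t check_value(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Step 402: compare the computed value with the pre-stored one. */
static int me_region_damaged(const struct primary_nvm *p, const struct secondary_nvm *s)
{
    return check_value(p->me_code, ME_CODE_SIZE) != s->expected_check;
}

/* Models the descriptor restriction: writes are refused unless unblocked. */
static int me_write(struct primary_nvm *p, uint8_t *dst, const uint8_t *src, size_t n)
{
    if (!p->ignore_me_limits) return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Steps 402-412: detect, unblock, restore code, restore individual information. */
static enum repair_result verify_and_repair(struct primary_nvm *p, const struct secondary_nvm *s)
{
    if (!me_region_damaged(p, s)) return ME_INTACT;                          /* 402 */
    /* Added safeguard: never restore from a recovery image that fails the check. */
    if (check_value(s->recovery_image, ME_CODE_SIZE) != s->expected_check)
        return ME_REPAIR_FAILED;
    p->ignore_me_limits = 1;                                                 /* 404-408 */
    int rc = me_write(p, p->me_code, s->recovery_image, ME_CODE_SIZE);       /* 410 */
    rc |= me_write(p, p->me_personality, s->me_personality, ME_PERS_SIZE);   /* 412 */
    p->ignore_me_limits = 0;   /* assumption: the restriction applies again afterwards */
    if (rc != 0 || me_region_damaged(p, s)) return ME_REPAIR_FAILED;
    return ME_REPAIRED;
}

/* Constructed sample contents for both memories. */
static void make_sample(struct primary_nvm *p, struct secondary_nvm *s)
{
    for (size_t i = 0; i < ME_CODE_SIZE; i++) s->recovery_image[i] = (uint8_t)(i * 7 + 1);
    memcpy(s->me_personality, "\x01\x00\x01\x01", ME_PERS_SIZE);
    s->expected_check = check_value(s->recovery_image, ME_CODE_SIZE);
    memcpy(p->me_code, s->recovery_image, ME_CODE_SIZE);
    memcpy(p->me_personality, s->me_personality, ME_PERS_SIZE);
    p->ignore_me_limits = 0;
}

int main(void)
{
    struct primary_nvm p;
    struct secondary_nvm s;
    make_sample(&p, &s);
    p.me_code[5] ^= 0xFF;   /* simulate damage to the ME code */
    return verify_and_repair(&p, &s) == ME_REPAIRED ? 0 : 1;
}
```

In this model the check value covers the ME code only, so the individual information is rewritten from the controller's private copy whenever the code is repaired rather than being verified on its own.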
The machine-readable instructions of the various modules described above are loaded for execution on a processing circuit (for example, the embedded controller 102 or the processor 106). The processing circuit can include a microprocessor, microcontroller, processor module or subsystem, programmable integrated circuit, programmable gate array, or other control or computing device.
Data and instructions are stored in respective storage devices, which are implemented as one or more computer-readable or machine-readable storage media. The storage media include different forms of memory, including: semiconductor memory devices, such as dynamic or static random access memory (DRAM or SRAM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM) and flash memory; magnetic disks, such as hard disks, floppy disks and removable disks; other magnetic media, including tape; optical media, such as compact discs (CDs) or digital video discs (DVDs); or other types of storage devices. Note that the instructions discussed above can be provided on one computer-readable or machine-readable storage medium or, alternatively, on multiple computer-readable or machine-readable storage media distributed in a large system that may have multiple nodes. Such a computer-readable or machine-readable storage medium or media is considered to be part of an article (or article of manufacture). An article or article of manufacture can refer to any manufactured single component or multiple components. The storage medium or media can be located either in the machine running the machine-readable instructions, or at a remote site from which the machine-readable instructions can be downloaded over a network for execution.
In the description above, numerous details are set forth to provide an understanding of the subject matter disclosed herein. However, embodiments may be practiced without some or all of these details. Other embodiments can include modifications and variations of the details discussed above. It is intended that the appended claims cover such modifications and variations.

Claims (15)

1. A method, comprising:
storing, in a first nonvolatile memory, a redundant copy of system data relating to a configuration of at least one physical component of a system, wherein the first nonvolatile memory is accessible by a controller in the system and is not accessible by a processor in the system;
determining whether system data in a second nonvolatile memory that is accessible by the processor is damaged; and
in response to determining that the system data in the second nonvolatile memory is damaged, repairing the damaged system data in the second nonvolatile memory.
2. The method according to claim 1, wherein the system data in the second nonvolatile memory comprises machine-unique data.
3. The method according to claim 1, wherein the system data in the second nonvolatile memory comprises data relating to a configuration of a network controller.
4. The method according to claim 1, wherein the system data in the second nonvolatile memory comprises data describing a layout of the second nonvolatile memory.
5. The method according to claim 1, further comprising:
storing, in the first nonvolatile memory, individual information relating to a management entity; and
using the individual information to recover from a fault of machine-readable instructions of the management entity.
6. The method according to claim 5, further comprising:
recovering the machine-readable instructions of the management entity using code from an external storage device or from the first nonvolatile memory.
7. The method according to claim 1, further comprising:
storing a signature associated with the system data in the second nonvolatile memory.
8. The method according to claim 7, further comprising: in response to verifying the system data in the second nonvolatile memory using the signature, updating the redundant copy of the system data using the system data in the second nonvolatile memory.
9. The method according to claim 7, further comprising: performing a secure update of the system data in the second nonvolatile memory.
10. A system, comprising:
a processor;
an embedded controller;
a first nonvolatile memory storing a redundant copy of system data relating to a configuration of at least one physical component in the system, wherein the first nonvolatile memory is accessible by the embedded controller and is not accessible by the processor; and
a second nonvolatile memory storing the system data, wherein the second nonvolatile memory is accessible by the embedded controller and the processor,
wherein the embedded controller is to detect damage of a first portion of the system data in the second nonvolatile memory using information stored in the first nonvolatile memory, and to repair the damaged first portion of the system data in the second nonvolatile memory.
11. The system according to claim 10, further comprising: system start-up code, wherein the system start-up code is executable to detect damage of a second portion of the system data in the second nonvolatile memory using the information stored in the first nonvolatile memory, and to repair the damaged second portion of the system data in the second nonvolatile memory.
12. The system according to claim 10, wherein the information used by the embedded controller to detect the damage of the first portion of the system data comprises: a check value calculated based on the content of the first portion of the system data.
13. The system according to claim 10, wherein the information used by the embedded controller to detect the damage of the first portion of the system data comprises: the redundant copy of the system data.
14. An article comprising at least one machine-readable storage medium storing instructions that, when executed, cause a system to:
store, in a first nonvolatile memory, a redundant copy of system data relating to a configuration of at least one physical component of the system, wherein the first nonvolatile memory is accessible by a controller in the system and is not accessible by a processor in the system;
determine, by the controller and based on information stored in the first nonvolatile memory, whether a first portion of system data in a second nonvolatile memory that is accessible by the processor is damaged; and
in response to determining that the first portion of the system data in the second nonvolatile memory is damaged, repair, by the controller, the damaged first portion of the system data in the second nonvolatile memory.
15. The article according to claim 14, wherein the repairing comprises: repairing the damaged first portion of the system data by replacing the damaged first portion of the system data in the second nonvolatile memory with a redundant copy of the first portion of the system data from the first nonvolatile memory.
CN201380075647.4A 2013-04-23 2013-04-23 Reparation to the system data damaged in nonvolatile memory Active CN105122214B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2013/037729 WO2014175865A1 (en) 2013-04-23 2013-04-23 Repairing compromised system data in a non-volatile memory

Publications (2)

Publication Number Publication Date
CN105122214A true CN105122214A (en) 2015-12-02
CN105122214B CN105122214B (en) 2019-03-01

Family

ID=51792254

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201380075647.4A Active CN105122214B (en) 2013-04-23 2013-04-23 Reparation to the system data damaged in nonvolatile memory

Country Status (5)

Country Link
US (1) US9990255B2 (en)
EP (1) EP2989547B1 (en)
CN (1) CN105122214B (en)
TW (1) TWI549136B (en)
WO (1) WO2014175865A1 (en)

Also Published As

Publication number Publication date
US20160055069A1 (en) 2016-02-25
TW201447903A (en) 2014-12-16
EP2989547A1 (en) 2016-03-02
EP2989547B1 (en) 2018-03-14
EP2989547A4 (en) 2017-01-18
US9990255B2 (en) 2018-06-05
TWI549136B (en) 2016-09-11
WO2014175865A1 (en) 2014-10-30
CN105122214B (en) 2019-03-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant